自动化运维
(1)环境准备
关闭防火墙和SELinux,并修改/etc/hosts文件
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
getenforce 0
cat /etc/selinux/config
…
# disabled - No SELinux policy is loaded.
SELINUX=disabled //将此处改为disabled
# SELINUXTYPE= can take one of three two values:
…
[root@ansible-test1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.x.x ansible-test1 //添加两台主机的IP和主机名
192.168.x.x ansible-test2
(2)安装Ansible
[root@ansible-test1 ~]# yum install epel-release -y
[root@ansible-test1 ~]# yum install -y ansible
[root@ansible-test1 ~]# ansible --version
(3)免密配置
【test-1】:
ssh-keygen -t rsa
ssh-copy-id 192.168.x.x #test2机器的id
ssh 192.168.x.x
(4)主机组设置
grep ^[^#] /etc/ansible/hosts
[testhost]
127.0.0.1 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
192.168.x.x
2 Ansible远程执行命令
ansible testhost -m command -a "hostname"
ansible 192.168.2.20 -m command -a "hostname"
3 Ansible拷贝文件或目录
ansible 192.168.2.20 -m copy -a "src=/etc/passwd
dest=/tmp/123"
4 脚本执行
cat /tmp/test.sh
ansible testhost -m copy -a "src=/tmp/test.sh
dest=/tmp/test.sh "
5批量运行脚本
ansible testhost -m shell -a "/tmp/test.sh
ansible testhost -m shell -a "cat /etc/passwd |wc -l "
6 管理任务计划
ansible testhost -m cron -a "name='test cron'
job='/bin/bash/tmp/test.sh' weekday=6"
ansible testhost -m cron -a "name='test cron'
state=absent" #删除cron
7 Ansible安装RPM包/管理服务
ansible testhost -m service -a "name=httpd state=started
enabled=yes" #在name后面还可以加上state=installed/removed。
ansible-doc -l #列出服务模块
Ansible playbook使用
vim /etc/ansible/test.yml
---
- hosts: "192.168.116.136"
remote_user: root
tasks:
- name: test_playbook
shell: "touch /tmp/playbook_test.txt"
ansible-playbook test.yml
cat create_user.yml
ansible-playbook create_user.yml
ansible playbook中的循环
cat while.yml
ansible-playbook while.yml
ansible playbook中的条件判断‘
ansible-playbook when.yml
ansible playbook中的handlers
ansible-playbook handlers.yml
Ansible playbook实战
ansible自动化安装nginx
./configure --prefix=/usr/local/nginx
make && make install
cat /etc/init.d/nginx
cat /usr/local/nginx/conf/nginx.conf
# /usr/local/nginx/sbin/nginx -t
启动nginx #psmisc可以安装killal清理httpd端口占用
# service nginx start
环境准备
mv nginx-1.9.6.tar.gz /etc/ansible/nginx_install/roles/install/files/
cp nginx-1.9.6/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/
[root@ansible1 nginx_install]# cat install.yml
---
- hosts: 192.168.x.x #入口文件,ssh连接机器
remote_user: root
gather_facts: True
roles:
- common
- install
[root@ansible2 nginx_install]# cat roles/common/tasks/main.yml
- name: install initialization require software #安装需要的依赖
yum: name={{ item }} state=installed ##item变成nginx_packages
with_items:
- zlib-devel
- pcre-devel
- gcc
[root@ansible1 nginx_install]# cat roles/install/vars/main.yml
nginx_user: www #定义所需变量
nginx_port: 80
nginx_basedir: /usr/local/nginx
[root@ansible1 nginx_install]# cat roles/install/tasks/copy.yml
- name: Copy Nginx Software #复制压缩包
copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software #解压压缩包
shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script #复制启动脚本
template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config #复制nginx配置文件
template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root
mode=0644
[root@ansible2 nginx_install]# cat roles/install/tasks/install.yml
- name: create nginx user #创建用户
user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: start nginx service #开启服务
shell: /etc/init.d/nginx start
- name: add boot start nginx service #加入开机启动
shell: chkconfig --level 345 nginx on
- name: delete nginx compression files #删除压缩包
shell: rm -rf /tmp/nginx.tar.gz
[root@ansible2 nginx_install]# cat roles/install/tasks/main.yml
- include: copy.yml #调用copy.yml和install.yml
- include: install.yml
#添加shell: cd /usr/local/nginx-1.9.6 && ./configure --prefix=/usr/local/nginx
shell: cd /usr/local/nginx-1.9.6 && make && make install
ansible-playbook /etc/ansible/nginx_install/install.yml
管理配置文件
#在/etc/ansible/nginx_config/roles/new/files/下创建vhosts文件夹,并复制nginx.conf
cat /etc/ansible/nginx_config/roles/new/tasks/main.yml
- name: copy conf file #复制.conf和hosts文件
copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
with_items:
- { src: nginx.conf, dest: conf/nginx.conf }
- { src: vhosts, dest: conf/ }
notify: restart nginx
[root@ansible-test1 ansible]# clear
[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/handlers/main.yml
- name: restart nginx #用于重新加载nginx服务
shell: /etc/init.d/nginx reload
[root@ansible-test1 ansible]#
[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/tasks/main.yml
- name: copy conf file #复制.conf和hosts文件
copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
with_items:
- { src: nginx.conf, dest: conf/nginx.conf }
- { src: vhosts, dest: conf/ }
notify: restart nginx
[root@ansible-test1 ansible]#
[root@ansible-test1 ansible]#
[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/vars/main.yml
nginx_basedir: /usr/local/nginx #定义变量
[root@ansible-test1 ansible]#
[root@ansible-test1 ansible]#
[root@ansible-test1 ansible]# cat nginx_config/update.yml
---
- hosts: 192.168.200.153 #入口文件
user: root
roles:
- new #这里只有new
ansible-playbook /etc/ansible/nginx_config/update.yml
